From aea79b80351109506bd089694df6f22785456f68 Mon Sep 17 00:00:00 2001
From: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Date: Wed, 28 May 2014 19:03:01 +0300
Subject: [PATCH] Add ability rule for creating project in namespace

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
---
 app/models/ability.rb | 8 ++++++++
 app/models/group.rb   | 6 +++++-
 app/models/project.rb | 4 ----
 app/models/user.rb    | 2 ++
 4 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/app/models/ability.rb b/app/models/ability.rb
index 1afe8a4638f..70c26caded8 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -188,6 +188,13 @@ class Ability
         rules << :read_group
       end
 
+      # Only group masters and group owners can create new projects in group
+      if group.has_master?(user) || group.has_owner?(user) || user.admin?
+        rules += [
+          :create_projects,
+        ]
+      end
+
       # Only group owner and administrators can manage group
       if group.has_owner?(user) || user.admin?
         rules += [
@@ -205,6 +212,7 @@ class Ability
       # Only namespace owner and administrators can manage it
       if namespace.owner == user || user.admin?
         rules += [
+          :create_projects,
           :manage_namespace
         ]
       end
diff --git a/app/models/group.rb b/app/models/group.rb
index 3cbf30a20df..2e68779d367 100644
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -26,7 +26,7 @@ class Group < Namespace
   validates :avatar, file_size: { maximum: 100.kilobytes.to_i }
 
   mount_uploader :avatar, AttachmentUploader
-  
+
   def self.accessible_to(user)
     accessible_ids = Project.accessible_to(user).pluck(:namespace_id)
     accessible_ids += user.groups.pluck(:id) if user
@@ -60,6 +60,10 @@ class Group < Namespace
     owners.include?(user)
   end
 
+  def has_master?(user)
+    members.masters.where(user_id: user).any?
+  end
+
   def last_owner?(user)
     has_owner?(user) && owners.size == 1
   end
diff --git a/app/models/project.rb b/app/models/project.rb
index fc7c7d042f3..1e74ae735ba 100644
--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -387,10 +387,6 @@ class Project < ActiveRecord::Base
     end
   end
 
-  def transfer(new_namespace)
-    ProjectTransferService.new.transfer(self, new_namespace)
-  end
-
   def execute_hooks(data, hooks_scope = :push_hooks)
     hooks.send(hooks_scope).each do |hook|
       hook.async_execute(data)
diff --git a/app/models/user.rb b/app/models/user.rb
index 16961e5413b..f1b6139745e 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -90,6 +90,8 @@ class User < ActiveRecord::Base
   has_many :users_groups, dependent: :destroy
   has_many :groups, through: :users_groups
   has_many :owned_groups, -> { where users_groups: { group_access: UsersGroup::OWNER } }, through: :users_groups, source: :group
+  has_many :masters_groups, -> { where users_groups: { group_access: UsersGroup::MASTER } }, through: :users_groups, source: :group
+
   # Projects
   has_many :groups_projects,          through: :groups, source: :projects
   has_many :personal_projects,        through: :namespace, source: :projects
-- 
GitLab